中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 20/100
上次扫描:2 天前 重新扫描
20 /100
claude-bridge
Bridge to local Claude Code CLI - no API key required. Creates task files and shell scripts, then executes Claude Code locally via subprocess.
Legitimate Claude Code CLI bridge with no malicious behavior; minor documentation gaps around subprocess usage.
技能名称claude-bridge
分析耗时48.2s
引擎pi
可以安装
Add explicit subprocess.run() declaration to SKILL.md and consider using shlex.quote() for prompt escaping to prevent shell injection edge cases.

安全发现 4 项

严重性 安全发现 位置
低危
Shell script injection surface in create_task()
The create_task() function inserts the user prompt into a bash script with only double-quote escaping. Special shell characters like $() or backticks in the prompt could be evaluated as shell commands when the script is sourced.
claude -p "{prompt.replace('"', '\\"')}" --allowedTools "Read,Edit,Bash"
→ Use shlex.quote() for proper shell escaping or pass the prompt via environment variable instead of inline string interpolation.
 claude_bridge.py:54
低危
subprocess.run() not explicitly declared in SKILL.md
The SKILL.md describes the workflow (create task, execute, read results) but does not explicitly mention that subprocess.run() is used to execute bash scripts. While the implementation is transparent, this creates a doc-to-code gap.
No explicit mention of subprocess.run() or bash script execution
→ Add a 'Implementation Details' section to SKILL.md documenting the use of subprocess and shell scripts.
 SKILL.md:1
提示
Allowed tools restriction is a good security measure
The skill hardcodes --allowedTools 'Read,Edit,Bash' in all generated scripts, limiting Claude Code to only these three tools. This is a positive security design that prevents Claude Code from using more dangerous tools like WebFetch or Write.
--allowedTools "Read,Edit,Bash"
→ No action needed; this is a good security practice.
 claude_bridge.py:72
提示
Task execution scoped to local directories
All tasks are executed in the skill's own directory (claude-bridge), not arbitrary user-specified paths. The cd command in generated scripts points to the skill's home directory.
cd "{os.getcwd()}"
→ No action needed; this limits blast radius.
 claude_bridge.py:68
资源类型声明权限推断权限状态证据
文件系统 WRITE WRITE ✓ 一致 claude_bridge.py:54-69 writes task JSON and shell scripts to tasks/ directory
命令执行 WRITE WRITE ✓ 一致 claude_bridge.py:86-90 uses subprocess.run() to execute bash scripts
网络访问 NONE NONE No direct network calls in claude_bridge.py; Claude Code CLI handles API calls s…
1 项发现
🔗
中危 外部 URL 外部 URL
https://coding.dashscope.aliyuncs.com/apps/anthropic
results/analyze_claude_code_source.txt:4

目录结构

51 文件 · 47.0 KB · 1175 行
Shell 13f · 370L Text 13f · 287L Python 1f · 252L Markdown 1f · 165L JSON 23f · 101L
├─ 📁 results
│ ├─ 📄 analyze_claude_code_source.txt Text 55L · 1.7 KB
│ ├─ 📋 analyze_commands_system.json JSON 1L · 69 B
│ ├─ 📄 analyze_commands_system.txt Text 34L · 1.8 KB
│ ├─ 📋 analyze_query_engine.json JSON 1L · 69 B
│ ├─ 📄 analyze_query_engine.txt Text 45L · 2.5 KB
│ ├─ 📋 analyze_tools_system.json JSON 1L · 69 B
│ ├─ 📄 analyze_tools_system.txt Text 33L · 1.8 KB
│ ├─ 📋 fix_db_cache_002.json JSON 1L · 69 B
│ ├─ 📄 fix_db_cache_002.txt Text 8L · 207 B
│ ├─ 📋 fix_db_kairos_001.json JSON 1L · 69 B
│ ├─ 📄 fix_db_kairos_001.txt Text 8L · 363 B
│ ├─ 📋 fix_db_memory_003.json JSON 1L · 69 B
│ ├─ 📄 fix_db_memory_003.txt Text 8L · 207 B
│ ├─ 📄 fix_web_ui_full_access.txt Text 16L · 742 B
│ ├─ 📋 fix_web_ui_missing_files.json JSON 1L · 69 B
│ ├─ 📄 fix_web_ui_missing_files.txt Text 1L · 79 B
│ ├─ 📋 manual_1775136627.json JSON 1L · 69 B
│ ├─ 📄 manual_1775136627.txt Text 1L · 51 B
│ ├─ 📋 manual_1775199172.json JSON 1L · 69 B
│ ├─ 📄 manual_1775199172.txt Text 43L · 1.9 KB
│ ├─ 📄 optimize_web_components.txt Text 27L · 1.0 KB
│ ├─ 📋 test_fix_001.json JSON 1L · 69 B
│ └─ 📄 test_fix_001.txt Text 8L · 235 B
├─ 📁 tasks
│ ├─ 📋 analyze_claude_code_source.json JSON 7L · 1.1 KB
│ ├─ 🔧 analyze_claude_code_source.sh Shell 54L · 1.6 KB
│ ├─ 📋 analyze_commands_system.json JSON 7L · 518 B
│ ├─ 🔧 analyze_commands_system.sh Shell 29L · 1.0 KB
│ ├─ 📋 analyze_query_engine.json JSON 7L · 540 B
│ ├─ 🔧 analyze_query_engine.sh Shell 29L · 1.0 KB
│ ├─ 📋 analyze_tools_system.json JSON 7L · 538 B
│ ├─ 🔧 analyze_tools_system.sh Shell 29L · 1.0 KB
│ ├─ 📋 fix_db_cache_002.json JSON 7L · 696 B
│ ├─ 🔧 fix_db_cache_002.sh Shell 31L · 1.1 KB
│ ├─ 📋 fix_db_kairos_001.json JSON 7L · 552 B
│ ├─ 🔧 fix_db_kairos_001.sh Shell 26L · 1.0 KB
│ ├─ 📋 fix_db_memory_003.json JSON 7L · 700 B
│ ├─ 🔧 fix_db_memory_003.sh Shell 32L · 1.2 KB
│ ├─ 📋 fix_web_ui_full_access.json JSON 7L · 843 B
│ ├─ 🔧 fix_web_ui_full_access.sh Shell 29L · 1.4 KB
│ ├─ 📋 fix_web_ui_missing_files.json JSON 7L · 868 B
│ ├─ 🔧 fix_web_ui_missing_files.sh Shell 34L · 1.4 KB
│ ├─ 📋 manual_1775136627.json JSON 7L · 426 B
│ ├─ 🔧 manual_1775136627.sh Shell 17L · 988 B
│ ├─ 📋 manual_1775199172.json JSON 7L · 484 B
│ ├─ 🔧 manual_1775199172.sh Shell 17L · 1.0 KB
│ ├─ 📋 optimize_web_components.json JSON 7L · 709 B
│ ├─ 🔧 optimize_web_components.sh Shell 26L · 1.2 KB
│ ├─ 📋 test_fix_001.json JSON 7L · 317 B
│ └─ 🔧 test_fix_001.sh Shell 17L · 765 B
├─ 🐍 claude_bridge.py Python 252L · 7.4 KB
└─ 📝 SKILL.md Markdown 165L · 3.5 KB

依赖分析 1 项

包名版本来源已知漏洞备注
python3 system stdlib No external dependencies; uses only Python standard library (subprocess, json, os, time, pathlib)

安全亮点

✓ No credential harvesting: no access to ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No data exfiltration: no POST requests to external IPs; all results stored locally
✓ No obfuscation techniques: no base64, eval(), or atob() patterns found
✓ Allowed tools restriction (Read,Edit,Bash only) limits Claude Code's capabilities
✓ Task execution is scoped to the skill's own directory
✓ No curl|bash or wget|sh remote script execution patterns
✓ No hidden instructions in HTML comments or other files
✓ Code is readable and straightforward with no suspicious patterns